Securing an HP LaserJet printer with LetsEncrypt

The fantastic Let’s Encrypt service lets you issue SSL/TLS certificates to devices without charge. It’s not everything you may want at the enterprise level, but for the professional in their home environment, it’s great.

I wanted to replace the self-signed certificate on an HP printer I had, but it wasn’t an easy process. I’ve documented it here so it can be useful to others too.

First, use certbot to generate your certificate. Run the command as follows:

certbot -d host.example.com --manual --preferred-challenges dns certonly

This will instruct you to add a TXT record to the DNS record for the host for authentication, after which you’ll receive your certificate.

To convert this in to a PKCS#12 file, suitable for loading on to the printer, use the following command:

openssl pkcs12 -export -out certificate.pfx -inkey config/live/host.example.com/privkey.pem -in config/live/host.example.com/cert.pem

The .pfx file can then be uploaded to the printer and it’ll use it immediately.